feat: prevent path traversal attacks (#12611)

ewaostrowska · ewaostrowska · commit e500a3198987 · 2025-09-29T10:20:59.000+02:00
diff --git a/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java b/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java
@@ -157,6 +157,7 @@ private static String generate(String language, GeneratorInput opts, Type type)
             }
             for (File file : files) {
                 try {
+                    SecureFileUtils.validatePath(file);
                     file.delete();
                 } catch (Exception e) {
                     LOGGER.error("unable to delete file " + file.getAbsolutePath());
@@ -193,3 +194,4 @@ protected static File getTmpFolder() {
         }
     }
 }
+

Original file line number	Diff line number	Diff line change
`@@ -157,6 +157,7 @@ private static String generate(String language, GeneratorInput opts, Type type)`
`157`	`157`	`}`
`158`	`158`	`for (File file : files) {`
`159`	`159`	`try {`
	`160`	`+ SecureFileUtils.validatePath(file);`
`160`	`161`	`file.delete();`
`161`	`162`	`} catch (Exception e) {`
`162`	`163`	`LOGGER.error("unable to delete file " + file.getAbsolutePath());`
`@@ -193,3 +194,4 @@ protected static File getTmpFolder() {`
`193`	`194`	`}`
`194`	`195`	`}`
`195`	`196`	`}`
	`197`	`+`